In a searchable encryption system there are different entities involved, and each entity executes one of the algorithms explained above in the system definition. The description of these entities, along with their role, is generally called the system model, and is shown below in Figure 5.1.
Figure 5.1 General system model for SE in PKE setting.
If a standard searchable encryption scheme is used, then we assume that each cloud user possesses a public and private secret key pair, [Kpuh, Kpri], generated by the key-generation center; these may be completely random keys with no relation to a person’s identity or the credentials of a user as in IBE- or ABE-based SE schemes. If an IBE or ABE scheme is used as an underlying scheme, then in the key generation the information related to one’s identity or credentials (attributes/access policy) is taken to generate the secret key of the user. In Figure 5.1, we have shown the system model for standard SE or SE based on ABE in a single diagram, which is explained as follows:
Trusted Authority: The trusted authority (ТА) is an entity that plays its role when ABE is used as an underlying scheme to develop the searchable encryption scheme. When some new user reaches the ТА for registration, the ТА will verify his/her credentials and generate his/her secret key using the GenKey algorithm. This algorithm embeds either the access policy (KP-ABE) or the attributes (CP-ABE) associated with that user. The ТА also initializes the system by executing the Setup algorithm, which generates the public parameters, PP, and the master secret key, MSK, out of which PP are made available to every cloud user.
Data Owner: The data owner (DO) is an entity that wants to share his/her data to multiple users. The DO first encrypts the data and the associated keywords by invoking the Genlndex algorithm. This algorithm encrypts the keyword, w„ using Криь, if a standard SE is used; otherwise, if say, ABE is used, this algorithm encrypts the keyword, w„ using PP as well as the access policy (if CP-ABE is used) or the attributes (if KP-ABE is used). The data owner then uploads the encrypted data to the cloud server.
Data User: The Data User (DU) is an entity that wants to retrieve the data stored by the data owners at the cloud server. Since the data is in an encrypted form and DU wants the cloud server to perform a search on the encrypted data, so, the data owner must delegate his/her searching functionality to the cloud server. The data owner generates the search trapdoor using his/her secret key by executing the GenTrap algorithm.
Cloud Server: The cloud server (CU) is owned by a third party to provide services like storage. It stores the encrypted data and performs a search on this data using the search trapdoor supplied by the DU. If a standard SE is used, then the search algorithm takes only the ciphertext and the trapdoor for the keyword; otherwise, it may additionally requirethe PP, if an ABE scheme is used, or PKse, if some transformation method is used. PKse denotes the public key of the transformed searchable encryption scheme.
Flow Of Information Between Different Parties Involved In An Se System
The flow of information between different parties in an IBE-based SE system is explained in the following steps as shown in Figure 5.2. i) The DO sends data along with the associated keywords in an encrypted form under
Figure 5.2 Flow of information in an IBE-based SE system.
the public key of recipient, Kpub using the GenIndex(Kpub, w,) algorithm. The resulting encrypted data along with its index is stored at the remote server for sharing it with other users, ii) The DU generates the trapdoor for the keyword which is associated with that particular file using the GenTrap(Kpri, w.) algorithm. The generated trapdoor will enable the cloud server to perform search if it is generated by the user for whom the data is intended, i.e. the trapdoor is generated using the private key of the same user whose public key was used to generate the index. Hi) The CS performs the search over encrypted data, C,, using the search trapdoor, T„ sent by the DU. The search operation is done by the cloud server on the behalf of DU using the Searcb(Ci, T;) algorithm. If the keyword corresponding to the search trapdoor is found then the cloud server returns binary output 1; otherwise, it outputs 0.
The flow of information between different parties in an ABE-based SE system is explained in the following steps as shown in Figure 5.3.: i) The ТА initializes the system using the Setup(X) algorithm which takes security parameter X as input. Also, it issues the essential credentials to the cloud users using KeyGen(MSK) algorithm which takes the master secret key as input, ii) A data owner is the one who would like to outsource their collection of data along with some keywords to the cloud server for the purpose of sharing. Owing to the confidential nature of the data, it is stored in an encrypted form. To upload the data over the cloud server, the data owner uses GenIndex(PP, w,) which takes public parameters, PP, and the metadata item, wn associated with the data file as input and generates the ciphertext, C, of w,. Once the data is uploaded to the cloud server, now it can be searched by the authorized users, iii) A DU is the one who wants to retrieve the data stored by the data owner at the cloud server. If the user is authorized, then he/she can generate a trapdoor for the keyword associated with the data file and give it to the cloud server to perform search. Suppose a DU wants to retrieve a data file which contains a particular keyword, wr The DU will first generate the search trapdoor/token using his secret credentials to run GenTrap[SK„, w,) and then send the trapdoor, T„ to the cloud server, iv) A cloud server stores the encrypted data and performs search operation on the behalf of the DU. The cloud server is assumed to be honest, i.e. it correctly executes the search algorithm. Upon reception of the search trapdoor/token the cloud server will perform search the encrypted data stored over it using Search(Cj,T,). If the search trapdoor/token is generated by an authorized user having valid secret credentials, then the public component in the ciphertext and the corresponding secret components in the search trapdoor/token will get cancelled out as per the rule of an encryption system. Therefore, an equality condition will hold if the keyword in the ciphertext and the search trapdoor/token matches. In such a scenario, it is said that the keyword being searched is found and therefore a binary value 1 is returned as output. Otherwise, 0 is returned which signifies that the keyword is not found. In another situation, if the search trapdoor/token is not generated by the authorized user then the search
Figure 5.3 Flow of information in ABE-based SE system.
process will terminate and _L (null) is returned to the user. It signifies that the user has no right to perform search over the encrypted data shared by data owner over common storage managed by some remote cloud server.
During the entire process in both the models, the cloud server is assumed to be honest and will correctly execute all the algorithms but it may be curious to find some relevant information. Therefore, while developing a searchable encryption scheme we must ensure that the cloud server will not get any information about the plaintext of the keyword being searched. This model is known as security against chosen keyword attack (CKA) which is formally introduced in the next section.